diff --git a/modules/ihatemoney.nix b/modules/ihatemoney.nix
index 0694896..372c799 100644
--- a/modules/ihatemoney.nix
+++ b/modules/ihatemoney.nix
@@ -1,28 +1,57 @@
-{ ... }:
+{ config, lib, ... }:
 let
 cfg = import ./vars.nix;
 port = cfg.ihatemoney.port;
 db = cfg.ihatemoney.db;
+ dbport = cfg.ihatemoney.dbport;
 domain = cfg.ihatemoney.domain;
 in
 {
- imports = [ ./nginx.nix ];
+ imports = [
+ #./podman.nix
+ ./podman-postgresql.nix # for the database
+ ./nginx.nix # for the webserver
+ ];
+
+ sops.secrets."${db}/db" = {};
+ sops.secrets."${db}/env" = {};
+
+ services.podman-postgresql."${db}" = {
+ enable = true;
+ image = "docker.io/library/postgres:16-alpine";
+ port = (lib.strings.toInt dbport);
+ passwordFile = config.sops.secrets."${db}/db".path;
+ };
 services.nginx.virtualHosts."${domain}" = {
 forceSSL = true;
 enableACME = true;
 locations."/" = {
 proxyPass = "http://localhost:${port}";
+ extraConfig = ''
+ '';
 };
 extraConfig = ''
 access_log /var/log/nginx/${domain}_access.log;
 error_log /var/log/nginx/${domain}_error.log;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header X-Forwarded-Protocol $scheme;
+ proxy_redirect off;
+ proxy_connect_timeout 90;
+ proxy_send_timeout 180;
+ proxy_read_timeout 180;
+ proxy_buffer_size 16k;
+ proxy_buffers 8 16k;
+ proxy_busy_buffers_size 32k;
+ proxy_intercept_errors on;
 '';
 };
 virtualisation.oci-containers.containers.ihatemoney = {
- image = "8f083cab39d1";
+ image = "docker.io/ihatemoney/ihatemoney";
 environment = {
 ACTIVATE_ADMIN_DASHBOARD = "True";
 ACTIVATE_DEMO_PROJECT = "False";
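Review bot: The `+    image = "docker.io/ihatemoney/ihatemoney";` line carries neither a tag nor a digest, so every pull resolves the mutable `latest` tag and the deployed application can change underneath an unchanged config, which is a step back from the fixed image ID it replaces; pin it, e.g. `image = "docker.io/ihatemoney/ihatemoney:<TAG>@sha256:<DIGEST>";` (placeholders), and consider the same digest pin for `postgres:16-alpine`, which is also a moving tag. The empty `extraConfig = '' '';` added under `locations."/"` is a no-op and can be dropped, and the `#./podman.nix` import should be deleted rather than kept commented out. The `oci-containers` block continues into the next hunk.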
@@ -33,23 +62,25 @@ in
 DEBUG = "False";
 };
 ports = [ "${port}:${port}" ];
- environmentFiles = [ /etc/nixos/keys/ihatemoney-env ];
+ #environmentFiles = [ /etc/nixos/keys/ihatemoney-env ];
+ environmentFiles = [ /run/secrets/ihatemoney/env ];
+ extraOptions = cfg.podman.extraOptions;
 };
- services.postgresql = {
- ensureDatabases = [ db ];
- ensureUsers = [
- {
- name = db;
- ensurePermissions = {
- "DATABASE ${db}" = "ALL PRIVILEGES";
- };
- }
- ];
- authentication = "host ${db} ${db} 10.88.0.0/16 md5";
- };
+ #services.postgresql = {
+ # ensureDatabases = [ db ];
+ # #ensureUsers = [
+ # # {
+ # # name = db;
+ # # ensurePermissions = {
+ # # "DATABASE ${db}" = "ALL PRIVILEGES";
+ # # };
+ # # }
+ # #];
+ # authentication = "host ${db} ${db} 10.88.0.0/16 md5";
+ #};
- services.postgresqlBackup.databases = [ "ihatemoney" ];
+ #services.postgresqlBackup.databases = [ "ihatemoney" ];
 }
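Review bot: The env file is hard-coded as `/run/secrets/ihatemoney/env` on the new `environmentFiles` line while the secret is declared under the `"${db}/env"` key in the first hunk, so the two silently diverge if `cfg.ihatemoney.db` is ever anything other than `ihatemoney`; use `environmentFiles = [ config.sops.secrets."${db}/env".path ];`, which also keeps the value a plain string instead of a Nix path literal. Commenting out `services.postgresqlBackup` leaves the new containerised database with no backup configured in this module, unless `podman-postgresql` provides one, which is not visible here; that gap should be closed or at least noted in the commit. The commented-out `services.postgresql` block and the old `#environmentFiles` line should be deleted rather than preserved as comments, since the history is in git.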